|The stupid question is the question not asked|
Is it me, or is the documentation for CGI::Session severely misleading?
It's not just you,
The latest version, which is what I read, says http://search.cpan.org/~markstos/CGI-Session-4.48/lib/CGI/Session.pm#new%28%29
If called without any arguments, $dsn defaults to driver:file;serializer:default;id:md5, $query||$sid defaults to CGI->new(), and \%dsn_args defaults to undef.
That isn't strictly true as it defaults to CGI->new whenever the second argument is undef
At the moment, I've no idea how that could be improved :) patches welcome
However, you probably would not have run into this if you weren't implementing your own login logic error :) as "Basic cookie management " teaches , you set one cookie per browser ( brand-the-browser , associate sessionid with browser)
Later, for login, you update some session data (username, login status )
Later, for logout, you delete the entire session, and delete the cookie
Or you could even, Later, for logout, keep the cookie (and session alive), but delete some session data (delete username, login status )...